OpenAI announced on June 11 that it will acquire Ona, the startup formerly known as Gitpod, to bring persistent cloud execution into its Codex agent platform. The deal gives OpenAI the infrastructure for agents that work for hours or days inside a customer’s own cloud, without tethering to an active session or a single device. Financial terms were not disclosed.
Ona provides preconfigured, customer-controlled cloud environments where agents access the tools, systems, and context they need across extended sessions. The practical pitch is simple: delegate a task to Codex, close your laptop, and the agent continues running inside your organization’s perimeter rather than on OpenAI’s infrastructure. That architecture addresses the single objection most enterprise security teams raise against agent platforms: execution and data must stay in the customer’s environment.
The timing is notable. Anthropic launched its managed-agent platform just before this announcement, moving to own the runtime layer for Claude-based agents. Now OpenAI, rather than building the execution layer from scratch, bought one. Both major labs have moved in the same week to control not just the model but the harness around it: the scheduling, the persistence, the environment configuration that makes long-horizon autonomous work viable.
OpenAI’s own usage data gives context for why this matters at scale. The company says more than 5 million people use Codex weekly, a figure it describes as up 400% from earlier this year. At that volume, the difference between a coding assistant that waits for a user prompt and an agent that works through a multi-hour refactor while the developer sleeps is a product category distinction, not a feature upgrade. Ona closes that gap.
The customer-controlled-cloud model is also the mechanism most likely to unlock regulated industries. A bank or a healthcare organization can accept an AI orchestration layer from OpenAI if execution stays in their AWS VPC. They cannot accept a system where sensitive code or patient data transits OpenAI’s servers. Ona’s architecture, at least as described by OpenAI, is designed to keep the intelligence and orchestration in OpenAI’s hands while the actual compute stays in the customer’s environment.
This acquisition fits a pattern that was already visible in the infrastructure moves across the AI industry this week. MiMo Code, Xiaomi’s coding agent released earlier this month, is also built around long-horizon task execution: not a model that answers questions but a system designed to complete multi-step engineering work autonomously. The convergence is not coincidental. As base model capabilities plateau in short-context tasks, the next differentiation is persistence, reliability across long sessions, and the tooling that makes multi-hour agent runs practical.
The moat debate in AI has shifted to this territory. A year ago the argument was whether fine-tuned models or raw frontier models would win enterprise contracts. That argument is mostly resolved in favor of frontier labs with strong API programs. The current argument is whether the moat is the model itself or the loop around it: the eval framework, the execution environment, the scheduling infrastructure, the approval gates. By acquiring Ona, OpenAI is betting the loop is where defensibility lives.
One gap in OpenAI’s announcement is worth noting: the company has not described the specific security certification posture Ona’s environments will carry, nor whether the customer-controlled-cloud model extends to all Codex tiers or only enterprise contracts. Those details determine whether this is a genuine enterprise unlock or a roadmap commitment.
Teams currently evaluating long-running agent infrastructure for engineering workflows should reexamine whether their shortlist of execution environments is still competitive now that both OpenAI and Anthropic have moved to own this layer directly.
OpenAI (openai.com), 2026-06-11.
